A number of systems rely on proximity of communicating devices for payment processing. For example, contactless payment systems rely on the assumption that a valid user's payment device (such as a smartphone with a payment application, or a payment smartcard) is in proximity to the terminal when the payment is done. Typically, communication mechanism such as Near Field Communication (NFC) are commonly used to verify that communicating devices are in proximity to payment terminals. While such communication mechanism impose restrictions on the distance between communicating devices according to physical properties (for example, NFC operates at distances on the order of centimeters only), systems relying on such communication mechanism are still vulnerable to relay attacks (also called in the art as “mafia-in-the-middle attacks” or “mafia fraud attacks”).
In a common scheme, an attacker may use a specially constructed or configured fake device (i.e., an attacker's device) to mislead a payment terminal to communicate with the attacker's device. The attacker's device may in turn be connected to a remote terminal under control of the attacker (i.e., an attacker remote terminal). The attacker's device may communicate the information it receives from the payment terminal to the attacker remote terminal using any communication link suitable for the attacker. The attacker remote terminal may in turn be positioned to communicate with a legitimate device. Then, attacker's device may receive information from legitimate payment terminal, relay it to the attacker remote terminal, which in turn may pass this information to the legitimate device; at the same time, the attacker remote terminal may receive information from legitimate device, relay it to the attacker's device, which in turn may pass this information to the legitimate terminal.
Consequently, during an attack, while the legitimate terminal may appear to be directly communicating with a legitimate device that is in close physical proximity to the legitimate terminal, it in fact may be exchanging information with a legitimate device physically located in any arbitrary location (e.g., at a different place in the same room, at a different room, or even many hundreds or thousands of kilometers away). It should be noted that for this type of attack, attacker doesn't need to interfere with (or to understand) the data exchanged between the legitimate device and legitimate terminal, and therefore, this attack cannot be prevented by means such as encrypting data stream between the legitimate device and legitimate terminal.
Therefore, there is a need in the art for detecting and/or preventing such attacks.